Sarbanes-Oxley: The New Rising Star

Ineffectual corporate management has given a great gift to programmers, system administrators, and CIOs - endless corporate accounting scandals. Our federal government has not missed this scandalous behavior: it has passed an extraordinarily strong, far-reaching law to contend with financial fraud.

Officially it's called the Public Company Accounting Reform and Investor Protection Act, but it's more commonly known as the Sarbanes-Oxley Act. The Sarbanes-Oxley Act is a very special piece of legislation designed to keep corporate managers honest. The Act awards dishonesty with a 10- or 20-year prison sentence for CEOs and CFOs. In addition, it has a provision for taking any and all ill-gotten gains from the dishonest executive. There are approximately 14,000 publicly traded companies in the United States, with just about 7,400 of them traded on the New York, the American, or the NASDAQ stock exchanges.

Most recently, the Securities and Exchange Commission (SEC) charged Jeffrey Skilling, the former president and chief executive officer of Enron, with fraud. The SEC is seeking to seize all of his ill-gotten gains and permanently bar him from acting as a director or officer of any publicly held company. On top of that, he is facing a maximum of 325 years in prison and hundreds of millions of dollars in fines. Considering that Andrew Fastow, who reported to Skilling at Enron, got off with 10 years in prison and forfeited $23 million in cash and assets, this is serious stuff!

Executives are now directly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting. The reports must contain a written assessment of the effectiveness of the internal control structure and procedures of the issuer with regard to financial reporting, as of the end of the most recent fiscal year of the issuer.

To put this in perspective, the average billion-dollar company has about 50 disparate financial systems up and running at any given time, some of which have been running for more than 30 years. Remember Y2K, with all of those old systems that were designed in the 50 years after World War II that did not anticipate ever needing to factor in the century changing? Starting June 15, 2004, you need to ensure that everything coming out of the old mainframes, client/servers, and new application servers is correct and adds up perfectly.

Adding to the complexity of the corporate information-technology topology is the fact that most of these companies are running two or three enterprise resource planning (ERP) systems. These systems take literally years to install and configure, and not a single soul on Earth can guarantee that any ERP system is 100% on the money 100% of the time.

Putting the icing on the cake: about 50% of the time, this information is output to an Excel spreadsheet, opening the door for endless misinterpretations and unintentional mistakes.

Sarbanes-Oxley compliance is very different from Year 2000 readiness. With the Y2K fire drill, all you needed to do to achieve success was get the computer to roll over on January 1, 2000, and not shut off or miscalculate. In addition, Y2K was a one-time event. As I'm sure you know, there was no Y2.1K. Sarbanes-Oxley compliance is an everyday, every-hour issue that must all be rolled up into a tight, neat package every three months to support the quarterly financial statements.

For a public company to comply with Sarbanes-Oxley, the accounting, financial management, and legal departments all ultimately funnel their data through information technology, which opens issues as to the completeness and accuracy of every code fragment and algorithm that's embedded in any project.

White-shoe law firms, the large accounting firms, and a myriad of management consultants have all begun Sarbanes-Oxley practices. In Silicon Valley and the other technology hot spots around the U.S., venture-funded Sarbanes-Oxley software companies are beginning to appear with increasing regularity.

A good example is Nth Orbit, which is offering a Sarbanes-Oxley product called Certus that provides a systematic approach to compliance. Their lead investor is Sequoia Capital. Sequoia was an early investor in and worked with Cisco Systems, Yahoo!, Redback Networks, Google, Network Appliance, Cypress Semiconductor, Vitesse Semiconductor, Apple Computer, and Oracle. These are not stupid people! Merger and acquisition activity is also beginning in this space, exemplified by EMC's recent purchase of Documentum. And there is an entire magazine dedicated to Sarbanes-Oxley compliance - the Sarbanes-Oxley Compliance Journal (www.s-ox.com).

The Sarbanes-Oxley Act is changing the way the business world operates. High-quality staff, automation, and processes will be a must-have for all public companies. The long-term payback will ultimately be a significantly higher level of awareness and controls that will produce much higher-quality business processes throughout business units reporting up to their corporate parents.

Sarbanes-Oxley will make the astute programmer, system administrator, and CIO indispensable within their organization. These positions cannot be rationally offshored or outsourced. The personal risk to the people running the corporation is too high. The requirement to attest that the systems are working as intended and described is so intense, only a madman would send this work halfway around the world to save a couple of bucks.


Jack Martin, editor-in-chief of WebSphere Journal, is cofounder and CEO of Simplex Knowledge Company (publisher of Sarbanes-Oxley Compliance Journal http://www.s-ox.com), an Internet software boutique specializing in WebSphere development. Simplex developed the first remote video transmission system designed specifically for childcare centers, which received worldwide media attention, and the world's first diagnostic quality ultrasound broadcast system. Jack is co-author of Understanding WebSphere, from Prentice Hall.


The Sarbanes-Oxley Act of 2002 (Pub.L. 107-204, 116 Stat. 745, enacted July 30, 2002), also known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called Sarbanes-Oxley, Sarbox or SOX, is a United States federal law enacted on July 30, 2002 in response to a number of major corporate and accounting scandals including those affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom.
